Commit Graph

3388 Commits

Author SHA1 Message Date
Brad Fitzpatrick
37e115834e cmd/derper: support logging to logtail
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-21 07:53:22 -08:00
Brad Fitzpatrick
379a3125fd derp, wgengine/magicsock: support more than just packets from Client.Recv
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-20 22:08:13 -08:00
Brad Fitzpatrick
88f1cc0c98 derp, cmd/derper: add rate limiting support, add default 5Mbps limit
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-20 15:26:30 -08:00
Brad Fitzpatrick
1166c34f6c derp: fix staticcheck warning
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-20 14:49:47 -08:00
Brad Fitzpatrick
322cb58b14 derp: deflake test I flaked up in earlier change
I broke an invariant in 11048b8932 (it was even nicely
documented then).

Also clean up the test a bit from while I was debugging it.

Fixes #84

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-20 14:41:39 -08:00
Brad Fitzpatrick
f029c4c82d derp: change the protocol framing to always include a length
Addresses one of crawshaw's TODOs.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-20 13:37:44 -08:00
David Anderson
c47f907a27 ipn: use *Prefs rather than Prefs throughout.
Prefs has become a heavy object with non-memcpy copy
semantics. We should not pass such a thing by value.

Signed-off-by: David Anderson <dave@natulte.net>
2020-02-20 11:31:10 -08:00
David Anderson
0c55777fed ipn: temporary support for loading legacy relaynode configs.
Signed-off-by: David Anderson <dave@natulte.net>
2020-02-20 11:31:10 -08:00
David Crawshaw
4ebc0fa70f wgengine: incremental update of peers on network map change
This is the first, and easier, part of incremental wireguard-go
reconfiguration. It means that a new node appearing on the
network does not cause all existing nodes to re-handshake with
the other nodes they are talking to.

(This code has been running on hello.ipn.dev for a few weeks and
peers have successfully reconnected to it through many network
map updates.)

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-20 13:48:34 -05:00
Brad Fitzpatrick
11048b8932 derp: add docs on current protocol overview, break accept apart a bit
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-20 09:57:05 -08:00
Brad Fitzpatrick
79af6054bf derp: don't start sending keepalives to client until after serverInfo sent
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-20 09:34:01 -08:00
Brad Fitzpatrick
1155716318 derp: rename some things in the client, add some docs
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-20 09:11:56 -08:00
Brad Fitzpatrick
4b461c2e77 derp: rename some things in the server, add some docs 2020-02-20 08:50:25 -08:00
Brad Fitzpatrick
d298d5b1f8 wgengine/magicsock: support multiple derp servers, and not just for handshakes
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-20 08:10:12 -08:00
Martin Baillie
a9bff99a9b wgengine: add OpenBSD router DNS update handling
Also removes validated TODO comments.

Signed-off-by: Martin Baillie <martin@baillie.email>
2020-02-20 08:03:07 -08:00
David Anderson
5868dd1a77 Lint: remove unused function.
Signed-off-by: David Anderson <dave@natulte.net>
2020-02-19 22:09:12 -08:00
Avery Pennarun
57bbafde84 cmd/relaynode: drop local --acl-file in favour of central packet filter.
relaynode itself is not long for this world, deprecated in favour of
tailscale/tailscaled. But now that the control server supports central
distribution of packet filters, let's actually take advantage of it in
a final, backward compatible release of relaynode.
2020-02-20 00:15:43 -05:00
David Anderson
77907a76a3 version: tag redo-generated version as +build redo.
staticcheck defaults to running with no tags set, which only
works if redo hasn't run and generated ver.go. If it has,
we end up with a redeclaration conflict.

Signed-off-by: David Anderson <dave@natulte.net>
2020-02-19 19:59:28 -08:00
David Anderson
15b4d26d92 logpolicy: automatically figure out paths and filenames.
The autoselection should pick sensible paths for all of:
 - Windows (LocalAppData)
 - Mac (Library/Caches)
 - Unix user (XDG_CACHE_DIR)
 - Linux systemd service (CACHE_DIRECTORY)

As a last resort, if cache dir lookup fails, plops sufficiently
uniquely named files into the current working directory.

Signed-off-by: David Anderson <dave@natulte.net>
2020-02-19 18:52:41 -08:00
Avery Pennarun
bec17d05cb .gitattributes: add a smudge filter for go.mod.
This is used when we want to do development against a local wireguard-go
repository checkout.
2020-02-19 20:02:02 -05:00
Brad Fitzpatrick
f266e2d1eb version: add CmdName func for future use by logpolicy
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

Change-Id: I02a7c907844f71242ef06ed097f2a92ece7ae091
2020-02-19 11:34:45 -08:00
David Anderson
cf1e386cbd ipn: move Options.ServerURL into Prefs.
We can't rely on a frontend to provide a control
server URL, so this naturally belongs in server-persisted
state.

Signed-off-by: David Anderson <dave@natulte.net>
2020-02-19 10:34:39 -08:00
David Crawshaw
45d687e213 wgengine: fix build on linux/freebsd/openbsd/windows
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-19 11:58:59 -05:00
David Crawshaw
431929c09a go.mod: fix wireguard-go version 2020-02-19 11:48:59 -05:00
David Crawshaw
d0f697ee07 wgengine: update for wgcfg changes
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-19 11:44:37 -05:00
David Anderson
c4f6f622f0 tailscaled: remove comment from systemd unit.
No need to ship TODOs to end user systems.

Signed-off-by: David Anderson <dave@natulte.net>
2020-02-18 14:46:02 -08:00
David Anderson
20e6fc1d78 tailscaled: fix systemd unit definition.
Port number has to be by itself for substitution to work.

Disabling the restart rate-limiting has to be in [Unit] not
[Service].

Signed-off-by: David Anderson <dave@natulte.net>
2020-02-18 13:46:03 -08:00
David Anderson
5d4b96b8f2 tailscaled: add a systemd unit.
Signed-off-by: David Anderson <dave@natulte.net>
2020-02-18 13:30:54 -08:00
David Anderson
85ac82c386 tailscaled: default to a sock in current dir, for development.
Signed-off-by: David Anderson <dave@natulte.net>
2020-02-18 13:30:23 -08:00
David Anderson
76819e7432 tailscaled: call the network interface tailscale0, not ts0.
Signed-off-by: David Anderson <dave@natulte.net>
2020-02-18 13:15:15 -08:00
David Anderson
4460bd638b safesocket: simplify API.
On unix, we want to provide a full path to the desired unix socket.

On windows, currently we want to provide a TCP port, but someday
we'll also provide a "path-ish" object for a named pipe.

For now, simplify the API down to exactly a path and a TCP port.

Signed-off-by: David Anderson <dave@natulte.net>
2020-02-18 12:56:19 -08:00
Brad Fitzpatrick
b72e6446e2 cmd/derper: add a basic DERP server
Mostly Crawshaw's earlier code, refactored a bit.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-18 11:25:11 -08:00
David Anderson
c7e2fcd517 Dockerfile: install iptables in the container.
We need iptables to make subnet routing work. Without it,
Tailscale mostly works, but subnet routing mysteriously doesn't.

Signed-off-by: David Anderson <dave@natulte.net>
2020-02-18 11:05:24 -08:00
Brad Fitzpatrick
fd1aa4f7f6 wgengine/magicsock: add a reSTUN method
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-18 10:55:36 -08:00
Brad Fitzpatrick
619697063e derp: more misc cleanups
And add an explicit derphttp.Client.Connect in the test now that it's
done lazily.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-18 10:09:37 -08:00
Brad Fitzpatrick
e06ca40650 wgengine, magicsock, derp: misc cleanups, docs
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-18 08:58:00 -08:00
David Crawshaw
a23a0d9c9f tailcfg: add RegisterRequest.Copy
Add some docs while I'm here.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-18 06:45:56 -05:00
David Anderson
47da432991 ipn: handle advertised routes provided by frontend.
Signed-off-by: David Anderson <dave@natulte.net>
2020-02-17 20:47:45 -08:00
wardn
5d79530caa wgengine: create freebsd-specific implementation
Signed-off-by: wardn <wardn@users.noreply.github.com>
2020-02-17 19:16:08 -08:00
Dave Anderson
a0af5655a8
Merge pull request #67 from tailscale/danderson/adv-routes
ipn: add AdvertiseRoutes to Prefs.
2020-02-17 16:03:33 -08:00
David Anderson
e0c35723a8 ipn: add documentation to the Prefs struct.
Signed-off-by: David Anderson <dave@natulte.net>
2020-02-17 15:52:44 -08:00
David Anderson
59ba2e6316 ipn: implement Prefs.Equals efficiently.
Signed-off-by: David Anderson <dave@natulte.net>
2020-02-17 15:01:23 -08:00
Brad Fitzpatrick
259406e797 derp: move away from [32]byte key types
And some minor cleanup in the process.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-17 14:18:09 -08:00
Tobias Klauser
4d09316f9a wgengine/monitor: use RTMGRP_* consts from x/sys/unix
Bump golang.org/x/sys/unix to get the RTMGRP_* consts and use them.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2020-02-17 14:15:08 -08:00
David Anderson
a5b84fa921 ipn: add AdvertiseRoutes to Prefs.
This is a prelude to supporting relaynode's --routes in
tailscaled. The daemon needs to remembers routes to
advertise, and the CLI needs to be able to change the
set of advertised routes. Prefs is the thing used for
both of these.

Signed-off-by: David Anderson <dave@natulte.net>
2020-02-17 13:50:16 -08:00
Brad Fitzpatrick
769e25e37b derp: use new types/key package
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-17 13:29:49 -08:00
David Anderson
a70a91521b ipn: print the packet filter setting in prefs.
Signed-off-by: David Anderson <dave@natulte.net>
2020-02-17 12:34:33 -08:00
David Anderson
62fb652eef cmd/tailscaled: run off internal state autonomously.
With this change, tailscaled can be restarted and reconnect
without interaction from `tailscale`, and `tailscale` is merely
there to provide login assistance and adjust preferences.

Signed-off-by: David Anderson <dave@natulte.net>
2020-02-17 12:34:33 -08:00
Brad Fitzpatrick
997678f540 wgengine/monitor: make Close not block forever on Linux
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-17 11:39:33 -08:00
Brad Fitzpatrick
7f5e3febe5 wgengine: move link monitor to be owned by the engine, not the router
And make the monitor package portable with no-op implementations on
unsupported operating systems.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-17 09:53:17 -08:00